ITP Sites:   ITP Site|TechBlog|TechHub in schools|NZ CloudCode|All Tech Events|Software Escrow NZ

ITP Techblog

Brought to you by IT Professionals NZ
Menu
« Back to Home

90 million reasons to unsubscribe

Paul Brislen, Editor. 01 October 2018, 5:00 am

Fifty million Facebook users have, apparently, woken to the news that their profiles have been breached and they have to change their passwords.

Of course, with Facebook, that's probably just the tip of the iceberg because of the massive amounts of data Facebook stores on its user base.

This vulnerability is unlike the Cambridge Analytica breach - which was based on a third party company using access to Facebook's data incorrectly, according to Facebook.

This time round, Facebook has no-one else to blame as it appears the breach is via up to three security holes in its own API software.

The flaws, which have been in place since July 2017, weren't spotted until unusual activity alerted Facebook to the problem in August 2018 - presumably the hackers have had some time to do whatever it is they set out to do.

While 50 million have been told they have problems, a further 40 million have also been forced to reset their passwords as a precaution. While 90 million affected users make this one of the biggest security breaches in recent times, with a user base measured in billions it is a small part of the Facebook base.

The timeline of the Facebook hack may prove challenging for the company, especially in Europe where the General Data Protection Rules (GDPR) require any such data exposure to be reported within 72 hours.

Facebook uncovered the attack on Tuesday last week, notified the FBI on Wednesday and on Thursday fixed the vulnerability. Whether it also reported the breach to EU officials remains to be seen.

Facebook has also reported declined to publish links to a Guardian story about the breach, defining them as spam. Facebook threatened to sue the Guardian after it reported on the Cambridge Analytica breach, but did not follow through after the company was fined for the breaches.

Stories about the current breach published by other outlets were able to be shared by Facebook users.


Comments

You must be logged in in order to post comments. Log In


Web Development by The Logic Studio